[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4964-gcafc9ef

Sun, 15 Feb 2009 18:19:21 -0800 

The branch, v3-3-test has been updated
       via  cafc9efceadcefa9154874e9846158cf23ee1645 (commit)
      from  f11d4d088c17db77ba259972c05de72da0d3ac93 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit cafc9efceadcefa9154874e9846158cf23ee1645
Author: Jeremy Allison <j...@samba.org>
Date:   Sun Feb 15 18:18:38 2009 -0800

    Attempt to fix bug #6099. According to Microsoft
    Windows 7 looks at the negotiate_flags
    returned in this structure *even if the
    call fails with access denied ! So in order
    to allow Win7 to connect to a Samba NT style
    PDC we set the flags before we know if it's
    an error or not.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/rpc_server/srv_netlog_nt.c |   43 ++++++++++++++++++++++--------------
 1 files changed, 26 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_server/srv_netlog_nt.c 
b/source/rpc_server/srv_netlog_nt.c
index d375101..2efef7f 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -474,6 +474,32 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
        uint32_t srv_flgs;
        struct netr_Credential srv_chal_out;
 
+       /* According to Microsoft (see bugid #6099)
+        * Windows 7 looks at the negotiate_flags
+        * returned in this structure *even if the
+        * call fails with access denied ! So in order
+        * to allow Win7 to connect to a Samba NT style
+        * PDC we set the flags before we know if it's
+        * an error or not.
+        */
+
+       /* 0x000001ff */
+       srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+                  NETLOGON_NEG_PERSISTENT_SAMREPL |
+                  NETLOGON_NEG_ARCFOUR |
+                  NETLOGON_NEG_PROMOTION_COUNT |
+                  NETLOGON_NEG_CHANGELOG_BDC |
+                  NETLOGON_NEG_FULL_SYNC_REPL |
+                  NETLOGON_NEG_MULTIPLE_SIDS |
+                  NETLOGON_NEG_REDO |
+                  NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
+
+       if (lp_server_schannel() != false) {
+               srv_flgs |= NETLOGON_NEG_SCHANNEL;
+       }
+
+       *r->out.negotiate_flags = srv_flgs;
+
        /* We use this as the key to store the creds: */
        /* r->in.computer_name */
 
@@ -520,26 +546,9 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
                        r->in.account_name));
                return NT_STATUS_ACCESS_DENIED;
        }
-
-       /* 0x000001ff */
-       srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
-                  NETLOGON_NEG_PERSISTENT_SAMREPL |
-                  NETLOGON_NEG_ARCFOUR |
-                  NETLOGON_NEG_PROMOTION_COUNT |
-                  NETLOGON_NEG_CHANGELOG_BDC |
-                  NETLOGON_NEG_FULL_SYNC_REPL |
-                  NETLOGON_NEG_MULTIPLE_SIDS |
-                  NETLOGON_NEG_REDO |
-                  NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
-
-       if (lp_server_schannel() != false) {
-               srv_flgs |= NETLOGON_NEG_SCHANNEL;
-       }
-
        /* set up the LSA AUTH 2 response */
        memcpy(r->out.return_credentials->data, &srv_chal_out.data,
               sizeof(r->out.return_credentials->data));
-       *r->out.negotiate_flags = srv_flgs;
 
        fstrcpy(p->dc->mach_acct, r->in.account_name);
        fstrcpy(p->dc->remote_machine, r->in.computer_name);


-- 
Samba Shared Repository

Reply via email to